CVE-2025-50197

CVSS v2.0

8.7

High

AV:N/AC:L/Au:S/C:P/I:C/A:C

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30

Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation allows a remote attacker to execute arbitrary SQL queries. The issue is located in the /main/admin/sub language ajax.inc.php file and involves the new language parameter submitted via a POST request.

Recommendations Update to version 1.11.30 or later.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2025-06910

CVE-2025-50197

GHSA-M76M-95C9-6H7R

Affected Products

Chamilo

CVE-2025-50197

Weakness Enumeration

Related Identifiers

Affected Products

References · 11